When I self-hosted email I used Spamhaus to as a block list and Spam Assassin to filter the rest. Gmail users made up the biggest chunk of spam that got through but it was never from Google/Gmail domains, it was almost always from a Gmail user with a custom domain.
I am seeing Google constantly fail to catch obvious spam emails. At this point I suspect there is some institutional error on their part, where bad actors inside the org are allowing certain domains to simply not be spam filtered.
I've done some experiments with Gmail/Outlook/other spam detection clients on different types of spam/phishing etc. There's always someone who claims simple naive bayes algo would do better than Google.
I'm not able to share the research data, but Gmail filter is a lot better than everything else you see on the market, especially when it's not a newsletter-like advertisement spam, but an actual phishing attack on Org.
Some people say Outlook has better filtering func, but usually tests are not representative and Outlook simply has stricter rule for unwarmed-ip. Which is not that great of a feature in real world scenario.
I've been seeing some cleverly encoded emails with multiple MIME parts that bypass the spam filter. Gmail decodes one representation but displays another. Luckily the content they show to the spam filter is mostly static so a regular filter can catch it.
Looks like a very personal list. I would not advice anyone using this as part of anything. Rohith[1] is in India and most of the spam domains (did a quick split) in the list are similar sounding names of a lot of Indian companies/Startups. Not that the companies do not spam (they do) but emails/domain registration has become so easy that there are tiny setups/operations in every nook and corner of the streets/chawls/shanties of India trying to spam people.
You appear to be trying to argue against something, but it reads as "this is a lot of Indian stuff, which is chock-full of spammers". Read like that, it seems like the list is a good one.
In theory one can set any domain to "from" field, what about actual servers that sent the spam? How many of those spam emails have unsubscribe and/or complaint headers?
In theory the domain you set the "From:" field to will have DMARC, DKIM and SPF set up and in theory the recipient that implements those protocols will discard your mail as sent from an unauthorized server.
The spam emails pretty much ALL have unsubcribe headers now. I mean, they are all WORSE than useless since they are sending signal back to spammers, but Gmail is asking me to [Unsubscribe and Report Spam] anyway.
These are usually domains that belong to a disposable email service, be it public or private.
I maintain a 100% free API [1] to check if an email belongs to a disposable email service. We dogfood the same API endpoint to prevent users who abuse disposable emails to create fake accounts for free trial credits.
We use the domains found at https://www.stopforumspam.com/downloads amongst other sources of data. Works pretty well. We have close to eliminated fake account registration with the use of Recaptcha.
> We dogfood the same API endpoint to prevent users who abuse disposable emails to create fake accounts for free trial credits.
I usually use disposable emails to test services but don't want to be spammed. Often, I later upgrade to a paid plan if I like the service. If they block disposable email addresses, I will not even try them at all.
Congratulations, you make the internet worse for actual humans and better for corporations. Making the world a net worse place, for everyone that matters.
lwf|3 years ago
[1]: https://drewdevault.com/2021/02/25/Gmail-is-a-huge-source-of... , https://news.ycombinator.com/item?id=26265329
dpifke|3 years ago
If any other source of spam was so resistant to receiving abuse reports, they would be blackholed by everyone.
Thanks, antitrust enforcement.
inferiorhuman|3 years ago
prvit|3 years ago
NikhilVerma|3 years ago
chaoz_|3 years ago
I'm not able to share the research data, but Gmail filter is a lot better than everything else you see on the market, especially when it's not a newsletter-like advertisement spam, but an actual phishing attack on Org.
Some people say Outlook has better filtering func, but usually tests are not representative and Outlook simply has stricter rule for unwarmed-ip. Which is not that great of a feature in real world scenario.
r1ch|3 years ago
prawn|3 years ago
fuckcensorship|3 years ago
Brajeshwar|3 years ago
1. https://drive.google.com/file/d/1Z7bBo_rMQB0nJYUs8wl4pZeZVUv...
krageon|3 years ago
butz|3 years ago
avian|3 years ago
Ensorceled|3 years ago
Wronnay|3 years ago
Did you think about adding your list to well known blocklists? You can add it to e.g. OISD
nubela|3 years ago
I maintain a 100% free API [1] to check if an email belongs to a disposable email service. We dogfood the same API endpoint to prevent users who abuse disposable emails to create fake accounts for free trial credits.
We use the domains found at https://www.stopforumspam.com/downloads amongst other sources of data. Works pretty well. We have close to eliminated fake account registration with the use of Recaptcha.
[1]: https://nubela.co/proxycurl/disposable-email-checker-api
uallo|3 years ago
I usually use disposable emails to test services but don't want to be spammed. Often, I later upgrade to a paid plan if I like the service. If they block disposable email addresses, I will not even try them at all.
r1ch|3 years ago
krageon|3 years ago
nikanj|3 years ago
jstanley|3 years ago
shmde|3 years ago
Some people just want to watch the world burn.
corentin88|3 years ago
elashri|3 years ago
onphonenow|3 years ago
egberts1|3 years ago
https://www.theverge.com/2022/6/28/23186742/google-spam-prop...